1. Field of the Invention
The present invention relates to a method, system, program, and article of manufacture for implementing security features at a portal server.
2. Description of the Related Art
A portal site is a World Wide Web site or service that offers a broad array of resources and services, such as e-mail, forums, search engines, and on-line shopping malls. A portal server functions as a Web server that hosts the portal site. Prior art portal sites usually categorize content and provide a hyperlink for each category. The hyperlinks may lead to other Internet Web sites outside the portal server. Users access the portal server via a Web browser and click on a hyperlink to read content. Examples of such portal servers are those run by Yahoo!**, Microsoft** Network, and America Online**.
**Yahoo! is a trademark of Yahoo!, Inc.; Microsoft and Active Server Pages are trademarks of Microsoft Corporation; America Online is a trademark of America Online, Inc.; Netegrity is a trademark of Netegrity, Inc.; Novell is a trademark of Novell, Inc.; Tivoli is a trademark of Tivoli Systems, Inc.; Java and Java server pages are trademarks of Sun Microsystems, Inc.
Some portal servers provide access to a plurality of software applications, where the software applications are stored in servers that are external to the portal server. Such software applications are called backend applications, and the servers in which the backend applications are stored are called backend systems. A user directs a Web browser to connect to the portal server, and subsequently accesses the backend applications via the portal server. The portal servers provide a single point of interaction to the backend applications personalized to the user's needs and responsibilities. A single unified interface on a portal server typically provides the single point of interaction to a user.
Portal servers can transform the manner in which users access, manage, and share essential data and applications. Portal servers may organize business applications, syndicated content, e-mail messages, and any other relevant information into a workspace that can be customized to a user's specifications. An example of such a portal server is the Netegrity** Interaction Server.
When a portal server provides access to backend applications, users do not have to store bookmarks in a Web browser for each of the individual backend applications. For example, corporate users may use a Web browser to access corporate-wide applications, such as Web-based electronic mail, an instant messaging system, and corporate accounting information, via a corporate portal server.
Users may have to authenticate with a portal server, by typing in a username and a password, using a smartcard, or via other means, before they can access the backend applications. Some prior art portal servers also use the authentication information of the user to display personalized information tailored for the user. Hence, prior art portal servers provide a rudimentary security mechanism for authentication with the portal server before allowing access to the backend applications.
However, even in prior art portal servers that require authentication from a user, a backend application may require additional authentications before users can access the backend application. In addition, there are security issues beyond authentication. For example, even within the same backend application, different users may have different types of privileges: some users may be able to update corporate accounting information, whereas other users may be able to read but not update the corporate accounting information.
There are existing single sign-on products, such as the Novell** Single Sign-on or the Tivoli** Global Sign-on, that enable client applications to authenticate with a plurality of servers via a single login. However, such single sign-on applications generally do not enforce a high level of security beyond authentication and, furthermore, are directory-based software solutions. In addition, such directory-based single sign-on products do not typically function on a portal server.
Hence, there is a need in the art to provide a system, method and article of manufacture for a portal server that securely allows access to a plurality of backend applications stored on backend servers.